[EC-598] fix: send correct excluded cipher ids

2024-11-16 10:45:20 +01:00 · 2023-04-05 16:47:48 +02:00 · 2023-04-05 16:47:48 +02:00 · 2992142681
commit 2992142681
parent 034f16f29e
2 changed files with 19 additions and 22 deletions
--- a/apps/browser/src/webauthn/popup/fido2/fido2.component.html
+++ b/apps/browser/src/webauthn/popup/fido2/fido2.component.html
@ -41,11 +41,7 @@
      A passkey already exists in Bitwarden for this account
      <div class="box list">
        <div class="box-content">
-          <app-cipher-row
-            *ngFor="let cipher of ciphers"
-            [cipher]="cipher"
-            (onSelected)="pick(cipher)"
-          ></app-cipher-row>
+          <app-cipher-row *ngFor="let cipher of ciphers" [cipher]="cipher"></app-cipher-row>
        </div>
      </div>
    </ng-container>
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@ -62,13 +62,11 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
    }

-    const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
-    if (isExcluded) {
-      await userInterfaceSession.informExcludedCredential(
-        // [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
-        [],
-        abortController
-      );
+    const existingCipherIds = await this.findExistingCredentials(
+      params.excludeCredentialDescriptorList
+    );
+    if (existingCipherIds.length > 0) {
+      await userInterfaceSession.informExcludedCredential(existingCipherIds, abortController);

      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
    }
@ -243,9 +241,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
    }
  }

-  private async vaultContainsCredentials(
+  /** Finds existing crendetials and returns the `cipherId` for each one */
+  private async findExistingCredentials(
    credentials: PublicKeyCredentialDescriptor[]
-  ): Promise<boolean> {
+  ): Promise<string[]> {
    const ids: string[] = [];

    for (const credential of credentials) {
@ -256,17 +255,19 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
    }

    if (ids.length === 0) {
-      return false;
+      return [];
    }

    const ciphers = await this.cipherService.getAllDecrypted();
-    return ciphers.some(
-      (cipher) =>
-        (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
-        (cipher.type === CipherType.Login &&
-          cipher.login.fido2Key != undefined &&
-          ids.includes(cipher.login.fido2Key.nonDiscoverableId))
-    );
+    return ciphers
+      .filter(
+        (cipher) =>
+          (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
+          (cipher.type === CipherType.Login &&
+            cipher.login.fido2Key != undefined &&
+            ids.includes(cipher.login.fido2Key.nonDiscoverableId))
+      )
+      .map((cipher) => cipher.id);
  }

  private async findNonDiscoverableCredentials(